[[nsp] Possibly OT: Securing Syslog and SNMP.]

Joshua Smith joshua.ej.smith@usa.net
Wed, 20 Nov 2002 10:22:26 -0500


allow the traffic with an acl or firewall entry similar to this:

permit udp host 'border ip' eq 514 host 'syslog ip'
permit udp host 'border ip' eq snmp-trap host 'nms ip'
deny ip any any log-input

hth

joshua

James Kilton <kilton9@yahoo.com> wrote:
> I'm wondering if there are any standard practices to
> securing the monitoring of Cisco devices via Syslog
> and SNMP.
> 
> The primary issue I'm having trouble with is the
> following: ideally you want your Management segment to
> be as secure as possible, perhaps the most secure
> segment on your network.  How then do you allow
> traffic (Syslog, SNMP traps) from non-firewalled Cisco
> devices such as border routers and backbone switches
> to this Management network?
> 
> It seems that the Management network should be in the
> far "backend" of the network for security reasons, yet
> somehow we need to allow traffic initiated from
> devices in the very front of the network.  Seems like
> a catch-22.  If anyone can share their thoughts and
> experience with this, I'd appreciate it.
> 
> Thanks.



"Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence."
     - Stephen Hawking -
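A fuller version of the filter Joshua sketches, written out as an added example (it is not from the original post or from either poster). It assumes Cisco IOS extended ACL syntax, placeholder addresses from the documentation ranges (192.0.2.x for the border devices, 198.51.100.x for the collectors) and an assumed interface name; substitute your own. It matches on the destination port, which is the port the collector listens on regardless of which source port a given IOS version picks, lists each sending device individually so that only the devices you expect can reach the management segment, and ends with a logged deny so anything else that tries is visible in the router log with its ingress interface and source MAC:

```cisco
! Added example (not from the original post). Addresses and the
! interface name are placeholders for illustration.
! Stateless filter permitting only device-originated syslog and
! SNMP traps from named border/backbone devices into the
! management segment; everything else is dropped and logged.
ip access-list extended MGMT-IN
 remark -- syslog (UDP/514) from each border device to the syslog server only
 permit udp host 192.0.2.1 host 198.51.100.10 eq 514
 permit udp host 192.0.2.2 host 198.51.100.10 eq 514
 remark -- SNMP traps (UDP/162) from each border device to the NMS only
 permit udp host 192.0.2.1 host 198.51.100.20 eq snmp-trap
 permit udp host 192.0.2.2 host 198.51.100.20 eq snmp-trap
 remark -- nothing else enters the management segment; log-input records
 remark -- the ingress interface and source MAC of each denied packet
 deny ip any any log-input
!
! Apply inbound on the interface that receives traffic from the rest
! of the network, i.e. the side the border devices send from.
interface GigabitEthernet0/0
 description toward border routers / backbone switches
 ip access-group MGMT-IN in
```

Because the permits are one line per source device and per collector, adding a new border router means adding two lines rather than widening an existing entry; the `deny ... log-input` at the end doubles as a cheap detector for anything on the network side trying to talk to the management segment that is not on that list.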